Scott Miller

started a topic
about 2 years ago

Attachment Filtering for Macros

We need a way to filter/block
macro-enabled attachments (Word/Excel files primarily). Since most ransomware is now
coming via macro-enabled attachments, in addition to ZIP files, it would be great to be able to restrict the receipt of the macro-enabled attachment on the front-end and have users come to us to unquarantine those attachments that are valid.

1 person likes this idea

A

Adrian Davey

said
about 2 years ago

This is already possible (somewhat) using the smart rules. (See image below)

Having said that - we do not use the smart rules - because the Office 2007 rules block non-macro files too.

Instead I have a couple dozen rules that block the individual Office extensions that indicate there is a risk of executable code - took me less than 10 minutes to Google a list of Office file extensions, copy it to Excel remove the non-threat ones, and paste the list into a rule within VIPRE.

Due to the risk inherent in 2003 .doc .xls etc we also block those - which proves to be a massive pain as many of our suppliers & customers still use the 2k3 format.

That's where my feature request comes in of having an option to generate a notification directly from a rule so we can educate senders. Review it and support it if you like it!